The role open-source intelligence is playing in the Russian invasion
As Russia’s invasion of Ukraine approaches the one-year mark, a newly released report by intelligence firm Flashpoint has detailed the role of open-source intelligence (OSINT) in the conflict.
Governments and commercial organisations use Flashpoint to gain on-the-ground situational awareness, build risk assessments, prevent disruption, and implement counterterrorism and crisis response efforts, among other vital applications.
Flashpoint’s intelligence is derived from publicly available information, chat services, social media and message platforms, among many other sources.
The report details ten real-life examples of how OSINT has helped organisations across the public and private sectors understand a hybrid war that spans cyber, physical, and informational domains.
“It has become a near imperative for just about every organisation in the world, from governments to enterprises, to be able to acknowledge and calculate their risk profiles in relation to the war,” says Andras Toth-Czifra, Senior Intelligence Analyst, Flashpoint.
“And because we will likely still see changes in how this war is fought—by what means and at which targets—the importance of obtaining accurate, timely, and actionable intelligence remains essential.”
The report was written by members of Flashpoint’s Intelligence Team, whose collective expertise encompasses everything from Russian-language cybercrime to the politics and culture of Russia and eastern Europe.
Looking at some of the examples the report provides, the first is how open-source intelligence is being used to understand recruitment by Russia on the front lines.
This is where the convergence of cyber and physical intelligence can identify how internet-driven communication and funding influence and enable kinetic movement and warfare.
Another example can be found in cryptocurrency and illicit financing. The intel, which triangulates blockchain and threat intelligence, provides insight into on-the-ground operations of mercenary groups and private military companies involved in the war.
This includes information on troop movement, communication and transaction methods, and arms, supply, and infrastructure needs.
Intelligence sourced on destructive malware wipers gives visibility into the tools deployed against Ukrainian and Western networks, as well as the risk of wipers being used against critical infrastructure systems in countries allied to Ukraine.
Another source of information is Killnet, Russia’s favourite DDoS hacktivist collective. The group has conducted distributed denial-of-service attacks on entities it believes to be Ukraine supporters.
Despite Killnet’s loud claims of being an ideologically motivated collective, the group still accepts commercial orders, providing information about who and what is purchasing from them.
Information and communications found on social media are key areas of importance. Eyewitnesses, military bloggers, correspondents, soldiers, and mercenaries alike have shared both textual information and visual media on Telegram and other platforms.
Open-source investigations can use these communications to understand the placement, activities, and identities of invading troops, as well as the atrocities committed by them. This data could be crucial evidence in future court proceedings on war crimes.
Another aspect of the report highlights the use of disinformation narratives and how closely they are woven into the events of the war. This disinformation spans from Russia’s annexation of Crimea in 2014 to the current conflict.
These narratives have the power to shape political and kinetic decision-making; they are also effective tools for psychological influence.
The full report delves into more real-world examples and how open-source intelligence is vital in understanding this conflict.